Artificial Intelligence
(AI) Policy

Last updated: September 19, 2023

Sorty in Orange Leaf

1. Purpose

This policy aims to provide guidance to employees at SmarterX about the appropriate use of Large Language Models (LLMs) and generative AI. This includes understanding the settings in which these tools are appropriate, the restrictions on their use, and the circumstances under which different data sources can be utilized.

2. Scope

Everyone in the workforce that uses AI tools for business purposes must follow the requirements and guidelines described in this policy.

3. Policy

3.1. General Considerations

All employees must remember that LLMs and generative AI are tools and should be used wisely and ethically. Their primary application should be for generating value from data, improving services, increasing efficiency, and delivering insightful analyses while remaining compliant with all applicable regulations and respecting confidentiality agreements.

3.2. Data Sources and Origins

Public Data: SmarterX holds a majority of data that is publicly sourced from the internet. The use of LLMs and generative AI would be permissible with this type of data considering it does not contain PII (Personally Identifiable Information) and is compliant with data privacy laws.

Confidential Information: SmarterX receives some data from manufacturers, suppliers, and retailers that are considered Confidential as described in the Data Categorization Policy. Use of LLMs and generative AI with Confidential data should be restricted and only performed under strict control and in compliance with all confidentiality agreements. Prior approval by the Information Security team is required for the use of AI tools in these instances.

The following databases and tables are NOT PERMISSIBLE:

  • Databases with Supplier Provided Attributes
  • CRM Contacts and PII or other SmarterX CBI
  • Sales/Inventory data from Retailers: All confidential data, inclusive of sales/inventory data, must abide by strict usage and sharing protocols. LLMs and AI can be used on anonymized, aggregated data sets where personal identifiers have been removed, and as long as the confidentiality is preserved.
  • Some customer/partner relationships may put further restriction on the use of their data/systems.
3.3. Software Development Scenarios

LLMs and generative AI can be useful in developing internal tools, provided the source data is suitably anonymized, and the output does not risk exposing Confidential Data.For customer-facing software and those deployed to customer hardware software, LLMs and other AI should not be used, given the sensitive nature of the data that these applications may handle. In the case of code development, public sources such as Stack Overflow should not be used due to potential confidentiality and reliability threats.

3.4. Marketing Content Development

LLMs and generative AI can be leveraged for content development, provided they do not generate or disseminate content that violates copyright, trademarks, or other proprietary rights. AI-created content must align with SmarterX messaging, branding, and legal guidelines.

3.5. AI Tools

The use of AI tools, such as ChatGPT, DALL-E 2, Bing AI, Google Bard, and other publicly available generative AI or large language model-based technology tools for business purposes must be performed with caution. No internal data can be used with these tools and, whenever possible, chat history must be deleted after every interaction.

Enterprise APIs under the SmarterX accounts provided by OpenAI, Google, Microsoft, Cohere, and Amazon, with data protection and SOC 2 or ISO 27001 compliance, are the preferred method for business use. Github Copilot, Google Palm in Colab or other code writing tools must have their use approved by the Information Security team before being enabled.

3.6. Transparency and Accountability

We are committed to providing transparency about how our AI technologies work, their limitations, and potential impacts. This will empower users and stakeholders to make informed decisions. We will maintain a clear chain of accountability for the development, deployment, and outcomes of our AI solutions.

3.7. Collaboration and Regulation

We will collaborate with industry partners, research institutions, and regulatory bodies to share best practices, contribute to AI ethics discussions, and contribute to the establishment of industry standards for responsible AI.

3.8. Continuous Education & Audit

SmarterX will continually provide education for its employees on this policy, and we will conduct regular audits to ensure compliance.